
Untitled

a guest
Jul 23rd, 2017
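#!/usr/bin/env bash
#
# Generate a throwaway root CA and a server certificate signed by it.
#
# Usage:   <script> HOSTNAME
# Env:     C, ST, L, EMAIL  - subject fields (defaults: GB, England, London,
#                             contact@HOSTNAME)
#          CA_PASS          - passphrase for rootCA.key; a random one is
#                             generated (and not stored) when unset or empty
# Output:  ./ssl/ containing cert.cnf, v3.ext, rootCA.key, rootCA.pem,
#          server.csr, server.key, server.crt (plus the CA serial file).
#          Any existing ./ssl directory is deleted first.
#
# Security notes:
#   * Whoever can read rootCA.key and knows its passphrase can issue
#     certificates that are trusted wherever rootCA.pem has been imported.
#     The passphrase is therefore never hard-coded and never put on a command
#     line (argv is visible in the process list); it is handed to openssl
#     through the environment instead.
#   * server.key is written unencrypted (-nodes), so the restrictive umask
#     below is its only protection on disk.

set -e -o pipefail

# Validate the argument before anything is derived from it.
if [ -z "$1" ]; then
  echo "Please specify a hostname, e.g. example.com as the first parameter." >&2
  exit 1
fi

# The hostname is pasted into an OpenSSL config file and into a -subj string,
# where '/', '=' or a newline would change the structure of the request.
case "$1" in
  *[!A-Za-z0-9.*_-]*)
    echo "Hostname may only contain letters, digits, '.', '-', '_' and '*'." >&2
    exit 1
    ;;
esac

export CN="$1"
export C="${C-GB}"
export ST="${ST-England}"
export L="${L-London}"
export EMAIL="${EMAIL-contact@$CN}"

# Private keys must not be created group- or world-readable.
umask 077

# Absolute path, so cleanup still targets the right directory after the cd.
out_dir="$PWD/ssl"
finished=0

# Remove partially generated key material unless the run completed.
cleanup() {
  if [ "$finished" -ne 1 ]; then
    rm -rf -- "$out_dir"
  fi
}
trap cleanup EXIT
trap 'exit 130' INT
trap 'exit 143' TERM

if [ -z "${CA_PASS-}" ]; then
  CA_PASS="$(openssl rand -hex 32)"
  echo "CA_PASS not set: rootCA.key is encrypted with a random passphrase" \
    "that is not stored. Set CA_PASS to be able to reuse the CA key." >&2
fi
export CA_PASS

echo "Generating self-signed certificate for $1."

rm -rf -- "$out_dir"
mkdir -- "$out_dir"
cd -- "$out_dir"

# Request template for the server certificate (unquoted EOF: variables expand).
cat > cert.cnf << EOF
[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=$C
ST=$ST
L=$L
O=$CN
OU=$CN
emailAddress=$EMAIL
CN = $CN
EOF

# X.509v3 extensions applied when the CA signs the server certificate.
cat > v3.ext << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $CN
EOF

# Root CA: encrypted private key and self-signed certificate.
openssl genrsa -aes256 -out rootCA.key -passout env:CA_PASS 2048
openssl req -x509 -new -passin env:CA_PASS -key rootCA.key -sha256 \
  -days 1024 -out rootCA.pem -subj "/C=$C/ST=$ST/L=$L/CN=$CN"

# Server key and CSR, then the certificate signed by the root CA.
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 \
  -keyout server.key -config cert.cnf
openssl x509 -req -passin env:CA_PASS -in server.csr -CA rootCA.pem \
  -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256 \
  -extfile v3.ext

finished=1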